Hard NACK on capping the witness size as that would effectively ban large scripts even in the P2SH wrapper which undermines Bitcoin's ability to be an effectively programmable money.

The issue is that if you do that then you effectively make script unusable for complex scripting or anything related to ZKPs. At that point you may as well just remove script altogether and just make Bitcoin a key-only currency, which I think would be silly. I think making Bitcoin safely more programmable should be the goal, not hamstringing what can be done with script by capping the witness size. The "spam" (which I'll remind people is an incoherent idea in a leaderless system) is a symptom of the inability for a robust fee market to develop for block space.

I am hesitant to limit the scriptPubKey all the way down to 67 bytes. Although it may be compelling to tighten it up as restrictively as possible, if we find a reason to increase it again, it either has to be done via a hard fork or via a significantly more complicated and subversive mechanism. I think a gradual tightening based off of concrete observations in the wild is a much more prudent approach.

Keags

On Wed, Oct 8, 2025 at 10:24 AM Greg Tonoski <greg.tonoski@gmail.com> wrote:
I'm for all the consensus proposals below and would further specify:
- limiting the maximum size of the scriptPubKey of a transaction to 67 bytes (to keep supporting P2PK and avoid impacting usability/compatibility of old, deprecated software and risk of similar corner cases); good riddance to P2MS;
- limit the maximum size of script data pushes to 73 bytes (for the same reason, i.e. keep supporting for P2PK input: signature with its encoding overhead; also P2PKH) "with an exception for BIP16 redeem scripts [which may embed multiple public keys for multisig]",
- rule out "OP_FALSE OP_IF" (CVE-2023-50428),
- discontinue P2SPAM (the one that repurposed the mnemonic OP_RETURN and was standardized in 2014, commit a79342479f577013f2fd2573fb32585d6f4981b3).

BTW I think we should also consider consensus-wise limit on the maximum size of the so-called Witness field (3600 bytes max. by policy.h) along with max. size (80 bytes max. by policy.h) and max. count of its items (100 by policy.h). Any suggestions, anybody?

-- 
Greg Tonoski

On Fri, Oct 3, 2025 at 10:09 PM Luke Dashjr <luke@dashjr.org> wrote:

If we're going this route, we should just close all the gaps for the immediate future:

- Limit (new) scriptPubKeys to 83 bytes or less. 34 doesn't seem terrible. UTXOs are a huge cost to nodes, we should always keep them as small as possible. Anything else can be hashed (if SHA256 is broken, we need a hardfork anyway).

- Limit script data pushes to 256 bytes, with an exception for BIP16 redeem scripts.

- Make undefined witness/taproot versions invalid, including the annex and OP_SUCCESS*. To make any legitimate usage of them, we need a softfork anyway (see below about expiring this).

- Limit taproot control block to 257 bytes (128 scripts max), or at least way less than it currently is. 340e36 scripts is completely unrealistic.

- Make OP_IF invalid inside Tapscript. It should be unnecessary with taproot, and has only(?) seen abuse.

We can do these all together in a temporary softfork that self-expires after a year or two. This would buy time to come up with longer-term solutions, and observe how it impacts the real world. Since it expires, other softforks making use of upgradable mechanisms can just wait it out for those mechanisms to become available again - therefore we basically lose nothing. (This is intended to buy us time, not as a permanent fix.)

Alternatively, but much more complex, we could redesign the block weight metric so the above limits could be exceeded, but at a higher weight-per-byte; perhaps weigh data 25% more per byte beyond the expected size. This could also be a temporary softfork, perhaps with a rolling window, so future softforks could be free to lower weights should they be needed.

Another idea might be to increase the weight based on coin-days-destroyed/coin-age, so rapid churn has a higher feerate than occasional settlements. But this risks encouraging UTXO bloat, so needs careful consideration to proceed further.

Happy to throw together a BIP and/or code if there's community support for this.

Luke


On 10/2/25 16:42, PortlandHODL wrote:
Proposing: Softfork to after (n) block height; the creation of outpoints with greater than 520 bytes in the ScriptPubkey would be consensus invalid.

This is my gathering of information per BIP 0002

After doing some research into the number of outpoints that would have violated the proposed rule there are exactly 169 outpoints. With only 8 being non OP_RETURN. I think after 15 years and not having discovered use for 'large' ScriptPubkeys; the reward for not invalidating them at the consensus level is lower than the risk of their abuse. 
  • Reasons for
    • Makes DoS blocks likely impossible to create that would have any sufficient negative impact on the network.
    • Leaves enough room for hooks long term
    • Would substantially reduce the divergence between consensus  and relay policy
    • Incredibly little use onchain as evidenced above.
    • Could possibly reduce codebase complexity. Legacy Script is largely considered a mess though this isn't a complete disablement it should reduce the total surface that is problematic.
    • Would make it harder to use the ScriptPubkey as a 'large' datacarrier.
    • Possible UTXO set size bloat reduction.

  • Reasons Against 
    • Bitcoin could need it in the future? Quantum?
    • Users could just create more outpoints.
Thoughts?

source of onchain data 

PortlandHODL

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/6f6b570f-7f9d-40c0-a771-378eb2c0c701n%40googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/001afe1d-0282-4c68-8b1c-ebcc778f57b0%40dashjr.org.

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAMHHROwJA5N%3DSfejF353oWFFsKVCtk5cpr9QkOv%2BZcqGDFz6oA%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CALeFGL0PDjtRt2rfbY4gTkoc%2B5oNQ0mn_obraE7PrtHuNYFpQw%40mail.gmail.com.